From patchwork Thu Jan 11 16:38:26 2024
X-Patchwork-Submitter: Toby Lloyd Davies
X-Patchwork-Id: 83911
From: Toby Lloyd Davies
To: gdb-patches@sourceware.org
Cc: Toby Lloyd Davies
Subject: [PATCH] gdb/infcall: Fix freed frame dereferenced in inferior call
Date: Thu, 11 Jan 2024 16:38:26 +0000
Message-Id: <20240111163826.286722-1-tlloyddavies@undo.io>
X-Mailer: git-send-email 2.34.1

Between the store to frame and its use by get_frame_sp (frame) there is a call to find_function_addr(). If the function is an IFUNC then this can do another inferior call. This results in the frame cache being invalidated, which frees all frames. Then the frame pointer previously stored is left dangling and get_frame_sp (frame) may segfault.

--- gdb/infcall.c | 1 + 1 file changed, 1 insertion(+) diff --git a/gdb/infcall.c b/gdb/infcall.c index 8252feea074..15dce04c984 100644 --- a/gdb/infcall.c +++ b/gdb/infcall.c @@ -938,6 +938,7 @@ call_function_by_hand_dummy (struct value *function, /* Ensure that the initial SP is correctly aligned. */ { + frame = get_current_frame (); CORE_ADDR old_sp = get_frame_sp (frame); if (gdbarch_frame_align_p (gdbarch))
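Review bot: The added `frame = get_current_frame ();` in the "Ensure that the initial SP is correctly aligned" block needs a comment saying why the frame is re-fetched here; without one it reads as a redundant copy of the earlier store and is likely to be dropped in a later cleanup, reintroducing the use-after-free. Suggest something like `/* find_function_addr may have made an inferior call (IFUNC resolution), which invalidated the frame cache and freed FRAME; fetch it again.  */` above the assignment. Two follow-ups worth confirming in the same change: that `frame` has no other uses between the find_function_addr call and this block (any such use would still dereference the freed frame), and that a testsuite case exercising an inferior call to an IFUNC is added, since the commit message describes a reproducible crash but the patch carries no test.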